security

Time and time again, when I would read an article about WordPress security or how to harden an install, I would see mentions of limiting the number of times someone can try to log into an account. I’ve never put much thought into the idea, but I’ve finally installed a (more…)

April has been a troubling time for a couple of well-known web hosts security-wise. Ipstenu wrote a post on the various hacks that took place this month, and I thought it was a well-written piece that explains the variables that needed to happen for those events to occur. (more…)

If I were operating Network Solutions right now, I’d be on my knees begging for mercy. Browsing through my feedreader today, I came across a post on ComputerWorld.com mentioning that customers hosted on Network Solutions.com have been attacked again. This time, it’s not targeted at WordPress users. Sucuri Security Labs (more…)

I haven’t had the time to write about much WordPress news lately, but after reading the post published on the WordPress developer blog regarding Network Solutions, it might have been for the best. There have been a number of WordPress-based sites hosted on Network Solutions that have had their (more…)

WordPress 2.9.2 was released just a few minutes ago to address a security problem dealing with the Trash feature. When WordPress implemented the new feature they failed to change the permissions granted when the post is in the trash. This means that an unauthenticated user cannot see the post, however (more…)

This is a guest blog post written by Randy Hoyt, author of the blog, RandyHoyt.com. He’s also the founder of Web development firm Amesbury Web. The recent attacks on older versions of WordPress have made security a hot topic in the community. There has been finger-pointing and mud-slinging from many (more…)

In this rant-filled edition of WordPress Weekly, David and I, along with special guest co-host Scott Clark, developer and community manager for the PODS CMS plugin, talk about a wide range of topics all relating to WordPress Security. We cover what happened with the worm that took advantage of (more…)

Much has been said in recent weeks regarding WordPress upgrades, security, and responsibility. While I still think end users are the ones responsible for what happens regarding their WordPress powered site, I do think there are areas of improvement that the WordPress team should consider. The following is a list (more…)

Amidst all the fuss about what it takes to find out when there is an upgrade available for WordPress, Konrad Karpieszuk took advantage of the situation and created a plugin that provides email notifications on when an upgrade is available. The plugin sends a check to WordPress.org every day to (more…)

This week’s edition of WordPress Weekly will be an open mic roundtable centered around the topic of security. We’ll talk about security practices, things to avoid doing to make upgrading a harder process, the entire situation surrounding the worm that hit older versions of WordPress, ideas for what WordPress can (more…)

Over the weekend, news quickly spread throughout the WordPress community of a worm that was taking advantage of older versions of WordPress. I found out about the problem through Lorelle’s Twitter account where she linked to an article on her blog covering the details of the attack. Mark Ghosh of (more…)